De-identification of Data using Pseudonyms (Pseudonymisation) Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "De-identification of Data using Pseudonyms (Pseudonymisation) Policy"

Transcription

1 De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7

2 Partners in Care This is a controlled document. It should not be altered in any way without the express permission of the author or their representative. On receipt of a new version, please destroy all previous versions. Document Information Date of Issue: March 2014 Next Review Date: March 2016 Version: 2.0 Last Review Author: Performance and Information Manager Owner: Performance and Information Manager Directorate: Finance Approval Route Approved By: Date Approved: Management of Information Group 19/03/2014 Management of Information Group 16/03/2015 Links or overlaps with other strategies/policies: Data protection Staff Code of Confidentiality Information Asset Owner Policy Information Governance Policy NHS Number Policy Safe Haven Procedure Amendment History Issue Status Date Reason for Change Authorised V1.0 Final December 2012 Creation of document for new organisation Management of Information Group V2.0 Final March 2014 Annual Review of Document Management of Information Group V2.0 Active March 2015 Annual Review of Document Management of Information Group Contents 1 Introduction Definitions/Glossary Statement/Objective Roles & Responsibilities Business Planning and Performance Team Safe Haven Data Presentation Training and Awareness Monitoring, Auditing, Reviewing & Evaluation References Distribution... 7 Version: 2.0 Page 2 of 7

3 1 Introduction 1.1 Pseudonymisation and de-identification is concerned with enabling the NHS to undertake secondary use of personal identifiable data in a legal, safe and secure manner. The overall aim of this policy is to facilitate: The legal and secure use of personal identifiable data for secondary purposes by the NHS (and other organisations involved in the commissioning and provision of NHS-commissioned care) NHS business to no longer use identifiable data in its non-direct care related work wherever possible NHS business processes to continue to be effective in supporting the day-today operation of the NHS System-wide integration to enable relevant information to be shared between providers. 2 Definitions/Glossary 2.1 Personal Identifiable Data (PID) is any information that can identify one person. This could be one piece of data for example a person s name or a collection of information for example name, address and date of birth. 2.2 Primary Use is when information is used for direct care and medical purposes. This would directly contribute to the treatment, diagnosis or the care of the individual. This also includes relevant supporting administrative processes and audit/assurance of the quality of healthcare service provided. 2.3 Secondary Use is when information is not used for direct care and medical purposes. Generally this could be for research purposes, audits, service management, commissioning, contract monitoring and reporting facilities. When PID is used for secondary use this should be limited and de-identified so that the secondary uses process is confidential. 2.4 Pseudonymisation The technical process of replacing person identifiers in a dataset with other values (pseudonyms) from which the identities of individuals cannot be intrinsically inferred eg. the replacement of an NHS number with another random number. Pseudonymisation may be reversible or irreversible. 3 Statement/Objective 3.1 It is a legal requirement that when personal identifiable data is used for purposes not involving the direct care of an individual, i.e. Secondary Uses, the individual should not be identified unless other legal means hold, such as the person's consent or Section 251 approval. This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' data prior to the nondirect care usage being made of the data. Version: 2.0 Page 3 of 7

4 3.2 Data cannot be labelled as primary or secondary use data - it is the purpose of the disclosure and the usage of the data that is either primary or secondary. This means that even where it is justifiable to hold data in identifiable form, it becomes essential to ensure that only authorised users are able to have identifiable data disclosed to them. 3.3 The use of the NHS Number is Department of Health policy within Adult Social Care as well as in the NHS; its use is being supported by the NHS Number Programme. For services and organisations that operate across health and social care, the NHS Number is the key identifier of individuals and with greater access to NHS sourced data becoming available to social care organisations. The use of personal data in social care is governed by the same legal and policy frameworks that guide the use in the NHS and the Strategic Framework for De-identification covers social care as well as NHS. This means that secondary use of personal information within social care should operate against the principles and methods set out in this guidance. 3.4 Personal Identifiable Information will include: Name Initials Address Postcode Date of birth Date of death NHS Number Local system identifiers National Insurance Number. 3.5 The table below gives some examples of de-identification techniques that can be used. De-identification Type Data Display Derivations Blurring and/or banding Pseudonymisation one off Pseudonymisation repeated & consistent Quarantine data Example Output blanks instead of identifiable data Output derivation index instead of postcode Output age instead of date of birth; output 5 year age group instead of date of birth Use encryption or randomisation technique to generate unique random number to replace a NHS Number Use techniques in above row to provide same unique pseudonym for a NHS Number for multiple sets of data to enable links over time and data sets Use data items in a context different from one where they are regarded as identifiable; e.g. Local Patient Identifier is identifiable within a provider organisation but not within a commissioner organisation Version: 2.0 Page 4 of 7

5 4 Roles & Responsibilities 4.1 All databases that hold personal identifiable information should be recorded on the Information Asset Register held by the Information Governance Team. Information Asset Owners (IAO s) have the responsibility of ensuring that the data extracted from the asset s for which they are responsible are pseudonymised, or de-identified, when data is provided for secondary use. 4.2 The Caldicott Guardian takes the lead in patient/client confidentiality issues supported by the Head of Information Governance. 4.3 The Head of Information Governance is responsible for ensuring adherence to the Safe Haven Policy. Any issues with de-identification of data, or breaches of data security should be reported by IAO s to the Management of Information Group via the Information Governance Team. 4.4 Owners of Safe Haven s will be responsible for ensuring that only staff with a genuine business need have access to personal identifiable information. 4.5 The Business Planning and Performance Team have access to a variety of systems in order to produce reports and datasets for the organisation. Due to the diversity of the data from these systems all identifiable information should be kept in the Safe Haven, see section Each team must ensure that all data is handled in line with this policy. When ad hoc requests for information are received the team member dealing with the request must establish what the information will be used for in order to categorise the use as either primary or secondary. 5 Business Planning and Performance Team Safe Haven 5.1 The Safe Haven will exist to provide the means of restricting access to authorised users to personal identifiable data for the purposes of receiving and sending personal identifiable data that is expected to be used for secondary purposes and for supporting de-identification of the personal identifiable data. The Safe Haven diagram below details the steps to support the transition of information from primary source through a de-identification process to secondary use and, when necessary, re-identifying the data for use when primary data is required. Version: 2.0 Page 5 of 7

6 5.2 Safe haven Diagram Primary Use Data Source Transition Processes (restricted access) Secondary Use Primary Use of Secondary Use Sourced Data Data Activity Data Form Systems supporting direct care Patient Pesonal identifiable DQ Deriv- Linkage De-id ation Used for Collation Analysis & secondary & Storage reporting purposes Re-id SH Primary Use usage Safe Haven Pseudonymised Patient Personal identifiable Key Identifiable data Feedback Data flow De-identified or De-id = de-identification Re-id = re-identification pseudonymised facility facility 5.3 The Safe Haven comprises the facilities to restrict access by authorised users to personal identifiable data for the purpose of supporting de-identification, which in turn means that: The facilities can only be used by authorised staff sufficient to perform the functions and provide cover and back-up to ensure continuity of service Authorisation of the staff performing roles in the local Safe Haven should be through the Head of Information Governance and the equivalent of local Registration Authority processes for accessing Spine based applications The systems (or sub-systems) used for the data transition processes must have appropriate access control mechanisms to restrict access to authorised users for the specific purpose of supporting de-identification processes. 5.4 Locally this will mean that the safe haven will have three locations \\sdhtorct01\shared\nzbs\operations\performance the BP&P teams shared drive The Microsoft SQL Server Community database on server sdhis2 (SQL Server ) The Microsoft SQL Server sdhsccrdw (SQL Server ). 5.5 All of the above locations are restricted, access being controlled by Windows authentication log on. 5.6 Managers will ensure that access to the Safe Haven is kept in line with staff movement and any changes to a person s role will be reflected in a change of access to data repositories. Version: 2.0 Page 6 of 7

7 6 Data Presentation 6.1 When reports are produced from any database that contains personal identifiable information the way in which the data is presented should take into account the software being used. For example a report presented within Excel that uses a Pivot table may only display aggregated non-identifiable information. However, if the source data the pivot table links to contains identifiable information the end user of the report will be able to amend the data displayed and drill down to a level which is identifiable. Precautions should be taken to either amend the source data with a pseudonym, or preferably present the information using software that prevents this happening, such as a PDF document. 7 Training and Awareness 7.1 The annual Information Governance training that is delivered to all staff will reference the principles of Pseudonymisation. 7.2 Information Asset Owners should undertake Information Asset training where the Pseudonymisation principles will be disseminated. 7.3 The Information Governance Team will raise awareness of this policy. 7.4 Advice and support around this policy will be provided by the Information Governance Team and the Safe Haven Lead. 8 Monitoring, Auditing, Reviewing & Evaluation 8.1 Managers are responsible for ensuring their staff comply with this Policy. 8.2 The periodic review that the Information Asset Policy requires of Information Asset Owners should take into account the distribution of data from the asset and ensure that this policy is adhered to. 8.3 A review of this document will be conducted every two years or following a change to associated legislation or national / local terms and conditions of service. 8.4 Any possible breaches to this policy or data loss should be reported to Information Governance in line with the Incident Reporting Policy. 9 References 9.1 Further guidance and documentation is available on the DoH website: Confidentiality: NHS Code of Practice cyandguidance/dh_ Distribution 10.1 Staff will be advised of this policy and associated procedures / guidance through the Staff Bulletin. The Policy will be widely available to all staff and volunteers via their line manager, intranet and the website. Version: 2.0 Page 7 of 7

Health and Social Care Information Centre

Health and Social Care Information Centre Health and Social Care Information Centre Information Governance Assessment Customer: Clinical Audit Support Unit of the Health and Social Care Information Centre under contract to the Royal College of

More information

Pseudonymisation Implementation Project (PIP)

Pseudonymisation Implementation Project (PIP) Pseudonymisation Implementation Project (PIP) Reference Paper 3 Guidance on De-identification Final v1.0-20 November 2009 Without Prejudice Header text Guidance on De-identification Programme NPFIT Document

More information

Information Sharing Protocol

Information Sharing Protocol Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.

More information

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Paper NHSE130903 BOARD PAPER - NHS ENGLAND Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Clearance: Tim Kelsey, Director of Patients

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

NATIONAL HEALTH SERVICE, ENGLAND

NATIONAL HEALTH SERVICE, ENGLAND D I R E C T I O N S NATIONAL HEALTH SERVICE, ENGLAND The Health and Social Care Information Centre (Establishment of Information Systems for NHS Services: Collection and Analysis of Primary Care Data)

More information

Secondary use and de-identification through safe havens. Clive Thomas NIGB Workshop 6 th June 2011

Secondary use and de-identification through safe havens. Clive Thomas NIGB Workshop 6 th June 2011 Secondary use and de-identification through safe havens Clive Thomas NIGB Workshop 6 th June 2011 The context and (some of) the story so far. Common Law of Confidentiality Professional responsibilities

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Privacy Impact Assessment: care.data

Privacy Impact Assessment: care.data High quality care for all, now and for future generations Document Control Document Purpose Document Name Information Version 1.0 Publication Date 15/01/2014 Description Associated Documents Issued by

More information

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning

More information

The EDGE 2014 User Conference Information Governance Workshop

The EDGE 2014 User Conference Information Governance Workshop The EDGE 2014 User Conference Information Governance Workshop Monday 17 th March 2014 Debbie Terry Agenda What is Information Governance? New developments in legislation Your questions answered Caldicott

More information

IAPT Data Standard. Frequently Asked Questions

IAPT Data Standard. Frequently Asked Questions IAPT Data Standard Frequently Asked Questions Version 1.0 March 2012 IAPT FAQs 1.0-1 - Contents Section 1: About the IAPT Data Standard.. 3 Section 2: Who is responsible for doing what?. 5 Section 3: How

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

General Practice Extraction Service (GPES)

General Practice Extraction Service (GPES) General Practice Extraction Service (GPES) Customer: Health and Social Care Information Centre (HSCIC) Requirement: Patient Objections Management (POM) Customer Requirement Reference Number: NIC-228038-V5Z0L

More information

OxCCARE Information Governance Policy

OxCCARE Information Governance Policy OxCCARE Information Governance Policy Introduction: This document is intended to act as a practical guide to information governance (IG) for all research, audit, quality improvement and service evaluation

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Remote Data Extraction Policy and Procedure

Remote Data Extraction Policy and Procedure Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...

More information

Personal Data Handling and Sharing Policy

Personal Data Handling and Sharing Policy Personal Data Handling and Sharing Policy Originator Richard Gibson Date 20 June 2012 Verifier Lynda Oliver Date 20 June 2012 Reviewed Richard Gibson, Lynda Oliver Date July 2013 Contents Page 1. Introduction

More information

Information Circular

Information Circular Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences

UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences NHS-HE Forum, 28 th November 2013 UCL IG Framework Where we ve got to The IG Framework Services to support the

More information

Privacy Charter. Protecting Your Privacy

Privacy Charter. Protecting Your Privacy Privacy Charter Protecting Your Privacy 1 1. Introduction 3 2. Collection of personal information 3 What sort of personal information do we collect and hold? 3 Anonymity and Pseudonymity 3 Why do we collect

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

Privacy Committee. Privacy and Open Data Guideline. Guideline. Of South Australia. Version 1

Privacy Committee. Privacy and Open Data Guideline. Guideline. Of South Australia. Version 1 Privacy Committee Of South Australia Privacy and Open Data Guideline Guideline Version 1 Executive Officer Privacy Committee of South Australia c/o State Records of South Australia GPO Box 2343 ADELAIDE

More information

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Pseudonymisation Implementation Project (PIP) Reference Paper 4

Pseudonymisation Implementation Project (PIP) Reference Paper 4 Pseudonymisation Implementation Project (PIP) Reference Paper 4 Pseudonymisation Technical White Paper - Design and MS-SQL FV2 24 th March 2010 Without Prejudice Programme NPFIT Document Record ID Key

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

Information Governance White Paper EDGE Programme

Information Governance White Paper EDGE Programme Information Governance White Paper EDGE Programme Forward Dear Subscriber The research landscape within the UK continues to evolve; from April 2014 we will see the formation of 15 Local Clinical Research

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Complaint: NHS Data Storage in the Google Cloud

Complaint: NHS Data Storage in the Google Cloud 13 th March 2014 Christopher Graham, Information Commissioner, Wycliffe House, Water Lane, WILMSLOW, Cheshire SK9 5AF Dear Chris, Complaint: NHS Data Storage in the Google Cloud We are writing about recent

More information

Data privacy, secrecy and security policy

Data privacy, secrecy and security policy A Data privacy, secrecy and security policy 11 March 2014 v2.0 Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 1 of 52 Document Control Sheet Document

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Subject Access Request (SAR) Procedure

Subject Access Request (SAR) Procedure Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave

More information

Degrees of De-identification of Clinical Research Data

Degrees of De-identification of Clinical Research Data Vol. 7, No. 11, November 2011 Can You Handle the Truth? Degrees of De-identification of Clinical Research Data By Jeanne M. Mattern Two sets of U.S. government regulations govern the protection of personal

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Registered Nurse Clinical Services

Registered Nurse Clinical Services JOB DESCRIPTION SECTION IDENTIFICATION Job Title: Responsible to: Hospice Band: Department: Location: Registered Nurse Clinical Services Clinical Services Manager Band 6 Day Therapy Unit Nottinghamshire

More information

Information Governance Lead

Information Governance Lead Peninsula Community Health Information Governance Policy Title: Information Governance Policy Procedural Document Type: Policy Reference: CO-IG-P04 CQC Outcome: Version: 2.0 Approved by: Information Governance

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

HOW WE USE YOUR PERSONAL INFORMATION

HOW WE USE YOUR PERSONAL INFORMATION HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Patient Reported Outcome Measures (PROMs) Standards

Patient Reported Outcome Measures (PROMs) Standards Patient Reported Outcome Measures (PROMs) Standards A. Information Governance Requirement This Information Governance Requirement Standard covers four Areas: 1. NHS Systems Requirements, 2. Data Sharing,

More information

How is RBAC used in SUS?

How is RBAC used in SUS? Role Based Access Control What is RBAC? SUS is a part of the NHS Care Record Service (NCRS) application from the National Programme for IT (NPfIT) and is accessed from the NHS national data network, the

More information

Management of the Central Alert System (CAS)

Management of the Central Alert System (CAS) Management of the Central Alert System (CAS) April 2013 Partners in Care Version: Page 1 of 13 This is a controlled document. It should not be altered in any way without the express permission of the author

More information

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA 1. This is the Data Diversity Policy for St Ives Chambers which is established in accordance with RC110 (section D1.2 Equality and diversity)

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Safe and secure use of personal health information

Safe and secure use of personal health information Safe and secure use of personal health information Who is this leaflet for? This leaflet is for anyone who uses any of the services provided by the NHS in Scotland. It has been produced by Health Protection

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

The Health Foundation is an independent charity working to improve the quality of healthcare in the UK.

The Health Foundation is an independent charity working to improve the quality of healthcare in the UK. Job description Job title: Reporting to: Salary: Intern in Data Analytics (six months fixed term contract) Data Manager 17,843 per annum (pro rata) Hours per week: 37.5 The Health Foundation The Health

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

De-Identification of Clinical Data

De-Identification of Clinical Data De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV Tyrone Grandison, PhD Manager, Privacy Research, IBM TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Information Security Assurance Plan 2015/16

Information Security Assurance Plan 2015/16 Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Job Description. Information Governance & Health Records Manager

Job Description. Information Governance & Health Records Manager Job Description POST: GRADE: RESPONSIBLE TO: ACCOUNTABLE TO: Information Governance Facilitator A4C Band 3 0.93 WTE 35 Hours per week Information Governance & Health Records Manager Head of Information

More information

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft- Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page

More information

Deputy Director, Mental Health and Protection of Rights Division, Scottish Government

Deputy Director, Mental Health and Protection of Rights Division, Scottish Government Privacy Impact Assessment (PIA): Mental Health and Learning Disability Bed Census: One Day Audit and the Mental Health and Learning Disability Patients: Out of Scotland and Out of NHS Placements Census

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols

Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Title Trust Ref No 1340-29497 Local Ref (optional) Main points the document covers Who is the document aimed

More information

that it has no right to have access to the Software in source code form;

that it has no right to have access to the Software in source code form; Attachment 2: TERMS & CONDITIONS SECTION 1: CAT CS Pty Ltd CAT Plus Software Distribution Agreement things to know: For the Practice 1. The Practice acknowledges that all Intellectual Property Rights in

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Data Quality Policy SH NCP 2. Version: 5. Summary:

Data Quality Policy SH NCP 2. Version: 5. Summary: SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Secure Transfer of Information Guidance for staff

Secure Transfer of Information Guidance for staff Secure Transfer of Information Guidance for staff Document number CCG.GOV.013.1.1 Version: 1.1 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 8 th January 2014 Name of originator /author

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Use and verification of the NHS number for all active patients.

Use and verification of the NHS number for all active patients. Title: Reference No: Owner: Author: Use and verification of the NHS number for all active patients. NHSNYYIG-004 Director of Standards Information Governance Team First Issued On: March 2008 Latest Issue

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

CONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE. Version: August 2015

CONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE. Version: August 2015 CONSUMER DATA RESEARCH CENTRE DATA SERVICE USER GUIDE Version: August 2015 Introduction The Consumer Data Research Centre (CDRC or Centre) is an academic led, multi-institution laboratory which discovers,

More information